准备
基本yum源
yum install -y epel-release
yum install -y wget bash-com* git
yum update -y
yum -y install gcc bc gcc-c++ ncurses ncurses-devel cmake elfutils-libelf-devel openssl-devel flex* bison* autoconf automake zlib* fiex* libxml* ncurses-devel libmcrypt* libtool-ltdl-devel* make cmake pcre pcre-devel openssl openssl-devel jemalloc-devel tlc libtool vim unzip wget lrzsz bash-comp* ipvsadm ipset jq sysstat conntrack libseccomp conntrack-tools socat curl wget git conntrack-tools psmisc nfs-utils tree bash-completion conntrack libseccomp net-tools crontabs sysstat iftop nload strace bind-utils tcpdump htop telnet lsof
关闭防火墙,swap,selinux
#关闭防火墙
systemctl disable --now firewalld
#关闭swap
swapoff -a
sed -ri '/^[^#]*swap/s@^@#@' /etc/fstab
#关闭selinux
setenforce 0
sed -ri '/^[^#]*SELINUX=/s#=.+$#=disabled#' /etc/selinux/config
安装wireguard
需要公网ip一个
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
echo "net.ipv4.conf.all.proxy_arp = 1" >> /etc/sysctl.conf
sysctl -p /etc/sysctl.conf
curl -Lo /etc/yum.repos.d/wireguard.repo https://copr.fedorainfracloud.org/coprs/jdoss/wireguard/repo/epel-7/jdoss-wireguard-epel-7.repo
yum install https://www.elrepo.org/elrepo-release-7.el7.elrepo.noarch.rpm -y
yum install kmod-wireguard wireguard-tools wireguard-dkms yum-plugin-elrepo -y
重启
reboot
配置wireguard
生成服务器端的公钥和私钥
wg genkey | tee server_private_key | wg pubkey > server_public_key
生成客户端的公钥和私钥
客户端工具下载
链接: https://pan.baidu.com/s/1qbVzJa-hK4691to327XIiw 提取码: 1n2y
先安装TunSafe-TAP-9.21.2.exe
打开解压压缩文件,解压后打开TunSafe.exe
生成公钥和私钥
服务端配置文件
vim /etc/wireguard/wg0.conf
[Interface]
Address = 192.168.10.1/24 ##vpn网段中的服务端ip,自定义即可
SaveConfig = true
PostUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
ListenPort = 10443 ##监听端口
PrivateKey = oGZZJHtEhkIqj9TfRdPqNuWDaBLbxyNwXPLgfU+fdmI= ###服务端私钥
[Peer]
PublicKey = rYh91/aYVhwGRAL3ReveYkj6oL/sBziptN5GuRDpPDA= ###客户端公钥
AllowedIPs = 192.168.10.2/32 ###vpn网段中的客户端ip,自定义即可
客户端配置文件
[Interface]
PrivateKey = sHfHGh6bS9Jzx/GAfItoyN9JInf+v9ZS0Ar1bHKcW0U= ##客户端私钥
DNS = 114.114.114.114 ##dns
Address = 192.168.10.2/24 ##vpn网段中的客户端ip,与服务器端写的对应
[Peer]
PublicKey = TkIA/PDWVz8MJTxfLLazvc9vvw9O5HfjWTOZLDorDGE= ##服务端公钥
AllowedIPs = 0.0.0.0/0
Endpoint = xxxxx:10443 ##连接服务上公网:10443,安全组需对外开发udp端口10443
PersistentKeepalive = 25
wireguard启动
服务端启动
wg-quick up wg0
wh show